@better-auth/passkey 1.4.6-beta.2 → 1.4.6

package/dist/client.d.mts

@@ -1,4 +1,4 @@
-import { n as Passkey, t as passkey } from "./index-DhzUw_n7.mjs";
+import { i as WebAuthnChallengeValue, n as Passkey, r as PasskeyOptions, t as passkey } from "./index-HkgxjeuE.mjs";
 import * as better_auth0 from "better-auth";
 import * as nanostores0 from "nanostores";
 import { atom } from "nanostores";
@@ -6,6 +6,7 @@ import * as _better_fetch_fetch0 from "@better-fetch/fetch";
 import { BetterFetch } from "@better-fetch/fetch";
 import { ClientFetchOption, ClientStore } from "@better-auth/core";
 import { Session, User } from "better-auth/types";
+export * from "@simplewebauthn/server";
 
 //#region src/client.d.ts
 declare const getPasskeyActions: ($fetch: BetterFetch, {
@@ -194,7 +195,7 @@ declare const passkeyClient: () => {
     "/passkey/authenticate": "POST";
   };
   atomListeners: ({
-    matcher(path: string): path is "/passkey/verify-registration" | "/passkey/delete-passkey" | "/passkey/update-passkey" | "/sign-out";
+    matcher(path: string): path is "/passkey/delete-passkey" | "/passkey/update-passkey" | "/passkey/verify-registration" | "/sign-out";
     signal: "$listPasskeys";
   } | {
     matcher: (path: string) => path is "/passkey/verify-authentication";
@@ -202,4 +203,4 @@ declare const passkeyClient: () => {
   })[];
 };
 //#endregion
-export { getPasskeyActions, passkeyClient };
+export { Passkey, PasskeyOptions, WebAuthnChallengeValue, getPasskeyActions, passkeyClient };

package/dist/{index-DhzUw_n7.d.mts → index-HkgxjeuE.d.mts}

@@ -1,7 +1,8 @@
 import * as _simplewebauthn_server0 from "@simplewebauthn/server";
-import { AuthenticationResponseJSON, CredentialDeviceType, PublicKeyCredentialCreationOptionsJSON } from "@simplewebauthn/server";
+import { CredentialDeviceType } from "@simplewebauthn/server";
+import * as better_auth0 from "better-auth";
 import * as better_call0 from "better-call";
-import * as z from "zod";
+import * as zod0 from "zod";
 import { InferOptionSchema } from "better-auth/types";
 
 //#region src/schema.d.ts
@@ -59,7 +60,15 @@ declare const schema: {
 };
 //#endregion
 //#region src/types.d.ts
-
+/**
+ * @internal
+ */
+interface WebAuthnChallengeValue {
+  expectedChallenge: string;
+  userData: {
+    id: string;
+  };
+}
 interface PasskeyOptions {
   /**
    * A unique identifier for your website. 'localhost' is okay for
@@ -147,13 +156,13 @@ declare const passkey: (options?: PasskeyOptions | undefined) => {
           };
         };
       }>)[];
-      query: z.ZodOptional<z.ZodObject<{
-        authenticatorAttachment: z.ZodOptional<z.ZodEnum<{
+      query: zod0.ZodOptional<zod0.ZodObject<{
+        authenticatorAttachment: zod0.ZodOptional<zod0.ZodEnum<{
           platform: "platform";
           "cross-platform": "cross-platform";
         }>>;
-        name: z.ZodOptional<z.ZodString>;
-      }, z.core.$strip>>;
+        name: zod0.ZodOptional<zod0.ZodString>;
+      }, better_auth0.$strip>>;
       metadata: {
         openapi: {
           operationId: string;
@@ -273,7 +282,7 @@ declare const passkey: (options?: PasskeyOptions | undefined) => {
       };
     } & {
       use: any[];
-    }, PublicKeyCredentialCreationOptionsJSON>;
+    }, _simplewebauthn_server0.PublicKeyCredentialCreationOptionsJSON>;
     generatePasskeyAuthenticationOptions: better_call0.StrictEndpoint<"/passkey/generate-authenticate-options", {
       method: "GET";
       metadata: {
@@ -372,10 +381,10 @@ declare const passkey: (options?: PasskeyOptions | undefined) => {
     }, _simplewebauthn_server0.PublicKeyCredentialRequestOptionsJSON>;
     verifyPasskeyRegistration: better_call0.StrictEndpoint<"/passkey/verify-registration", {
       method: "POST";
-      body: z.ZodObject<{
-        response: z.ZodAny;
-        name: z.ZodOptional<z.ZodString>;
-      }, z.core.$strip>;
+      body: zod0.ZodObject<{
+        response: zod0.ZodAny;
+        name: zod0.ZodOptional<zod0.ZodString>;
+      }, better_auth0.$strip>;
       use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
         session: {
           session: Record<string, any> & {
@@ -425,9 +434,9 @@ declare const passkey: (options?: PasskeyOptions | undefined) => {
     }, Passkey | null>;
     verifyPasskeyAuthentication: better_call0.StrictEndpoint<"/passkey/verify-authentication", {
       method: "POST";
-      body: z.ZodObject<{
-        response: z.ZodRecord<z.ZodAny, z.ZodAny>;
-      }, z.core.$strip>;
+      body: zod0.ZodObject<{
+        response: zod0.ZodRecord<zod0.ZodAny, zod0.ZodAny>;
+      }, better_auth0.$strip>;
       metadata: {
         openapi: {
           operationId: string;
@@ -455,7 +464,7 @@ declare const passkey: (options?: PasskeyOptions | undefined) => {
         };
         $Infer: {
           body: {
-            response: AuthenticationResponseJSON;
+            response: _simplewebauthn_server0.AuthenticationResponseJSON;
           };
         };
       };
@@ -473,21 +482,6 @@ declare const passkey: (options?: PasskeyOptions | undefined) => {
         userAgent?: string | null | undefined;
       };
     }>;
-    /**
-     * ### Endpoint
-     *
-     * GET `/passkey/list-user-passkeys`
-     *
-     * ### API Methods
-     *
-     * **server:**
-     * `auth.api.listPasskeys`
-     *
-     * **client:**
-     * `authClient.passkey.listUserPasskeys`
-     *
-     * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/passkey#api-method-passkey-list-user-passkeys)
-     */
     listPasskeys: better_call0.StrictEndpoint<"/passkey/list-user-passkeys", {
       method: "GET";
       use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
@@ -538,26 +532,11 @@ declare const passkey: (options?: PasskeyOptions | undefined) => {
     } & {
       use: any[];
     }, Passkey[]>;
-    /**
-     * ### Endpoint
-     *
-     * POST `/passkey/delete-passkey`
-     *
-     * ### API Methods
-     *
-     * **server:**
-     * `auth.api.deletePasskey`
-     *
-     * **client:**
-     * `authClient.passkey.deletePasskey`
-     *
-     * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/passkey#api-method-passkey-delete-passkey)
-     */
     deletePasskey: better_call0.StrictEndpoint<"/passkey/delete-passkey", {
       method: "POST";
-      body: z.ZodObject<{
-        id: z.ZodString;
-      }, z.core.$strip>;
+      body: zod0.ZodObject<{
+        id: zod0.ZodString;
+      }, better_auth0.$strip>;
       use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
         session: {
           session: Record<string, any> & {
@@ -610,27 +589,12 @@ declare const passkey: (options?: PasskeyOptions | undefined) => {
     }, {
       status: boolean;
     }>;
-    /**
-     * ### Endpoint
-     *
-     * POST `/passkey/update-passkey`
-     *
-     * ### API Methods
-     *
-     * **server:**
-     * `auth.api.updatePasskey`
-     *
-     * **client:**
-     * `authClient.passkey.updatePasskey`
-     *
-     * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/passkey#api-method-passkey-update-passkey)
-     */
     updatePasskey: better_call0.StrictEndpoint<"/passkey/update-passkey", {
       method: "POST";
-      body: z.ZodObject<{
-        id: z.ZodString;
-        name: z.ZodString;
-      }, z.core.$strip>;
+      body: zod0.ZodObject<{
+        id: zod0.ZodString;
+        name: zod0.ZodString;
+      }, better_auth0.$strip>;
       use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
         session: {
           session: Record<string, any> & {
@@ -746,4 +710,4 @@ declare const passkey: (options?: PasskeyOptions | undefined) => {
   };
 };
 //#endregion
-export { Passkey as n, PasskeyOptions as r, passkey as t };
+export { WebAuthnChallengeValue as i, Passkey as n, PasskeyOptions as r, passkey as t };

package/dist/index.d.mts

@@ -1,2 +1,2 @@
-import { n as Passkey, r as PasskeyOptions, t as passkey } from "./index-DhzUw_n7.mjs";
+import { n as Passkey, r as PasskeyOptions, t as passkey } from "./index-HkgxjeuE.mjs";
 export { Passkey, PasskeyOptions, passkey };

package/dist/index.mjs

@@ -1,3 +1,5 @@
+import { mergeSchema } from "better-auth/db";
+import { defineErrorCodes } from "@better-auth/core/utils";
 import { createAuthEndpoint } from "@better-auth/core/api";
 import { base64 } from "@better-auth/utils/base64";
 import { generateAuthenticationOptions, generateRegistrationOptions, verifyAuthenticationResponse, verifyRegistrationResponse } from "@simplewebauthn/server";
@@ -5,10 +7,8 @@ import { generateId } from "better-auth";
 import { freshSessionMiddleware, getSessionFromCtx, sessionMiddleware } from "better-auth/api";
 import { setSessionCookie } from "better-auth/cookies";
 import { generateRandomString } from "better-auth/crypto";
-import { mergeSchema } from "better-auth/db";
 import { APIError } from "better-call";
 import * as z from "zod";
-import { defineErrorCodes } from "@better-auth/core/utils";
 
 //#region src/error-codes.ts
 const PASSKEY_ERROR_CODES = defineErrorCodes({
@@ -21,6 +21,530 @@ const PASSKEY_ERROR_CODES = defineErrorCodes({
 	FAILED_TO_UPDATE_PASSKEY: "Failed to update passkey"
 });
 
+//#endregion
+//#region src/utils.ts
+function getRpID(options, baseURL) {
+	return options.rpID || (baseURL ? new URL(baseURL).hostname : "localhost");
+}
+
+//#endregion
+//#region src/routes.ts
+const generatePasskeyQuerySchema = z.object({
+	authenticatorAttachment: z.enum(["platform", "cross-platform"]).optional(),
+	name: z.string().optional()
+}).optional();
+const generatePasskeyRegistrationOptions = (opts, { maxAgeInSeconds, expirationTime }) => createAuthEndpoint("/passkey/generate-register-options", {
+	method: "GET",
+	use: [freshSessionMiddleware],
+	query: generatePasskeyQuerySchema,
+	metadata: { openapi: {
+		operationId: "generatePasskeyRegistrationOptions",
+		description: "Generate registration options for a new passkey",
+		responses: { 200: {
+			description: "Success",
+			parameters: { query: {
+				authenticatorAttachment: {
+					description: `Type of authenticator to use for registration.
+                          "platform" for device-specific authenticators,
+                          "cross-platform" for authenticators that can be used across devices.`,
+					required: false
+				},
+				name: {
+					description: `Optional custom name for the passkey.
+                          This can help identify the passkey when managing multiple credentials.`,
+					required: false
+				}
+			} },
+			content: { "application/json": { schema: {
+				type: "object",
+				properties: {
+					challenge: { type: "string" },
+					rp: {
+						type: "object",
+						properties: {
+							name: { type: "string" },
+							id: { type: "string" }
+						}
+					},
+					user: {
+						type: "object",
+						properties: {
+							id: { type: "string" },
+							name: { type: "string" },
+							displayName: { type: "string" }
+						}
+					},
+					pubKeyCredParams: {
+						type: "array",
+						items: {
+							type: "object",
+							properties: {
+								type: { type: "string" },
+								alg: { type: "number" }
+							}
+						}
+					},
+					timeout: { type: "number" },
+					excludeCredentials: {
+						type: "array",
+						items: {
+							type: "object",
+							properties: {
+								id: { type: "string" },
+								type: { type: "string" },
+								transports: {
+									type: "array",
+									items: { type: "string" }
+								}
+							}
+						}
+					},
+					authenticatorSelection: {
+						type: "object",
+						properties: {
+							authenticatorAttachment: { type: "string" },
+							requireResidentKey: { type: "boolean" },
+							userVerification: { type: "string" }
+						}
+					},
+					attestation: { type: "string" },
+					extensions: { type: "object" }
+				}
+			} } }
+		} }
+	} }
+}, async (ctx) => {
+	const { session } = ctx.context;
+	const userPasskeys = await ctx.context.adapter.findMany({
+		model: "passkey",
+		where: [{
+			field: "userId",
+			value: session.user.id
+		}]
+	});
+	const userID = new TextEncoder().encode(generateRandomString(32, "a-z", "0-9"));
+	let options;
+	options = await generateRegistrationOptions({
+		rpName: opts.rpName || ctx.context.appName,
+		rpID: getRpID(opts, ctx.context.options.baseURL),
+		userID,
+		userName: ctx.query?.name || session.user.email || session.user.id,
+		userDisplayName: session.user.email || session.user.id,
+		attestationType: "none",
+		excludeCredentials: userPasskeys.map((passkey$1) => ({
+			id: passkey$1.credentialID,
+			transports: passkey$1.transports?.split(",")
+		})),
+		authenticatorSelection: {
+			residentKey: "preferred",
+			userVerification: "preferred",
+			...opts.authenticatorSelection || {},
+			...ctx.query?.authenticatorAttachment ? { authenticatorAttachment: ctx.query.authenticatorAttachment } : {}
+		}
+	});
+	const id = generateId(32);
+	const webAuthnCookie = ctx.context.createAuthCookie(opts.advanced.webAuthnChallengeCookie);
+	await ctx.setSignedCookie(webAuthnCookie.name, id, ctx.context.secret, {
+		...webAuthnCookie.attributes,
+		maxAge: maxAgeInSeconds
+	});
+	await ctx.context.internalAdapter.createVerificationValue({
+		identifier: id,
+		value: JSON.stringify({
+			expectedChallenge: options.challenge,
+			userData: { id: session.user.id }
+		}),
+		expiresAt: expirationTime
+	});
+	return ctx.json(options, { status: 200 });
+});
+const generatePasskeyAuthenticationOptions = (opts, { maxAgeInSeconds, expirationTime }) => createAuthEndpoint("/passkey/generate-authenticate-options", {
+	method: "GET",
+	metadata: { openapi: {
+		operationId: "passkeyGenerateAuthenticateOptions",
+		description: "Generate authentication options for a passkey",
+		responses: { 200: {
+			description: "Success",
+			content: { "application/json": { schema: {
+				type: "object",
+				properties: {
+					challenge: { type: "string" },
+					rp: {
+						type: "object",
+						properties: {
+							name: { type: "string" },
+							id: { type: "string" }
+						}
+					},
+					user: {
+						type: "object",
+						properties: {
+							id: { type: "string" },
+							name: { type: "string" },
+							displayName: { type: "string" }
+						}
+					},
+					timeout: { type: "number" },
+					allowCredentials: {
+						type: "array",
+						items: {
+							type: "object",
+							properties: {
+								id: { type: "string" },
+								type: { type: "string" },
+								transports: {
+									type: "array",
+									items: { type: "string" }
+								}
+							}
+						}
+					},
+					userVerification: { type: "string" },
+					authenticatorSelection: {
+						type: "object",
+						properties: {
+							authenticatorAttachment: { type: "string" },
+							requireResidentKey: { type: "boolean" },
+							userVerification: { type: "string" }
+						}
+					},
+					extensions: { type: "object" }
+				}
+			} } }
+		} }
+	} }
+}, async (ctx) => {
+	const session = await getSessionFromCtx(ctx);
+	let userPasskeys = [];
+	if (session) userPasskeys = await ctx.context.adapter.findMany({
+		model: "passkey",
+		where: [{
+			field: "userId",
+			value: session.user.id
+		}]
+	});
+	const options = await generateAuthenticationOptions({
+		rpID: getRpID(opts, ctx.context.options.baseURL),
+		userVerification: "preferred",
+		...userPasskeys.length ? { allowCredentials: userPasskeys.map((passkey$1) => ({
+			id: passkey$1.credentialID,
+			transports: passkey$1.transports?.split(",")
+		})) } : {}
+	});
+	const data = {
+		expectedChallenge: options.challenge,
+		userData: { id: session?.user.id || "" }
+	};
+	const id = generateId(32);
+	const webAuthnCookie = ctx.context.createAuthCookie(opts.advanced.webAuthnChallengeCookie);
+	await ctx.setSignedCookie(webAuthnCookie.name, id, ctx.context.secret, {
+		...webAuthnCookie.attributes,
+		maxAge: maxAgeInSeconds
+	});
+	await ctx.context.internalAdapter.createVerificationValue({
+		identifier: id,
+		value: JSON.stringify(data),
+		expiresAt: expirationTime
+	});
+	return ctx.json(options, { status: 200 });
+});
+const verifyPasskeyRegistrationBodySchema = z.object({
+	response: z.any(),
+	name: z.string().meta({ description: "Name of the passkey" }).optional()
+});
+const verifyPasskeyRegistration = (options) => createAuthEndpoint("/passkey/verify-registration", {
+	method: "POST",
+	body: verifyPasskeyRegistrationBodySchema,
+	use: [freshSessionMiddleware],
+	metadata: { openapi: {
+		operationId: "passkeyVerifyRegistration",
+		description: "Verify registration of a new passkey",
+		responses: {
+			200: {
+				description: "Success",
+				content: { "application/json": { schema: { $ref: "#/components/schemas/Passkey" } } }
+			},
+			400: { description: "Bad request" }
+		}
+	} }
+}, async (ctx) => {
+	const origin = options?.origin || ctx.headers?.get("origin") || "";
+	if (!origin) return ctx.json(null, { status: 400 });
+	const resp = ctx.body.response;
+	const webAuthnCookie = ctx.context.createAuthCookie(options.advanced.webAuthnChallengeCookie);
+	const challengeId = await ctx.getSignedCookie(webAuthnCookie.name, ctx.context.secret);
+	if (!challengeId) throw new APIError("BAD_REQUEST", { message: PASSKEY_ERROR_CODES.CHALLENGE_NOT_FOUND });
+	const data = await ctx.context.internalAdapter.findVerificationValue(challengeId);
+	if (!data) return ctx.json(null, { status: 400 });
+	const { expectedChallenge, userData } = JSON.parse(data.value);
+	if (userData.id !== ctx.context.session.user.id) throw new APIError("UNAUTHORIZED", { message: PASSKEY_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REGISTER_THIS_PASSKEY });
+	try {
+		const { verified, registrationInfo } = await verifyRegistrationResponse({
+			response: resp,
+			expectedChallenge,
+			expectedOrigin: origin,
+			expectedRPID: getRpID(options, ctx.context.options.baseURL),
+			requireUserVerification: false
+		});
+		if (!verified || !registrationInfo) return ctx.json(null, { status: 400 });
+		const { aaguid, credentialDeviceType, credentialBackedUp, credential, credentialType } = registrationInfo;
+		const pubKey = base64.encode(credential.publicKey);
+		const newPasskey = {
+			name: ctx.body.name,
+			userId: userData.id,
+			credentialID: credential.id,
+			publicKey: pubKey,
+			counter: credential.counter,
+			deviceType: credentialDeviceType,
+			transports: resp.response.transports.join(","),
+			backedUp: credentialBackedUp,
+			createdAt: /* @__PURE__ */ new Date(),
+			aaguid
+		};
+		const newPasskeyRes = await ctx.context.adapter.create({
+			model: "passkey",
+			data: newPasskey
+		});
+		return ctx.json(newPasskeyRes, { status: 200 });
+	} catch (e) {
+		console.log(e);
+		throw new APIError("INTERNAL_SERVER_ERROR", { message: PASSKEY_ERROR_CODES.FAILED_TO_VERIFY_REGISTRATION });
+	}
+});
+const verifyPasskeyAuthenticationBodySchema = z.object({ response: z.record(z.any(), z.any()) });
+const verifyPasskeyAuthentication = (options) => createAuthEndpoint("/passkey/verify-authentication", {
+	method: "POST",
+	body: verifyPasskeyAuthenticationBodySchema,
+	metadata: {
+		openapi: {
+			operationId: "passkeyVerifyAuthentication",
+			description: "Verify authentication of a passkey",
+			responses: { 200: {
+				description: "Success",
+				content: { "application/json": { schema: {
+					type: "object",
+					properties: {
+						session: { $ref: "#/components/schemas/Session" },
+						user: { $ref: "#/components/schemas/User" }
+					}
+				} } }
+			} }
+		},
+		$Infer: { body: {} }
+	}
+}, async (ctx) => {
+	const origin = options?.origin || ctx.headers?.get("origin") || "";
+	if (!origin) throw new APIError("BAD_REQUEST", { message: "origin missing" });
+	const resp = ctx.body.response;
+	const webAuthnCookie = ctx.context.createAuthCookie(options.advanced.webAuthnChallengeCookie);
+	const challengeId = await ctx.getSignedCookie(webAuthnCookie.name, ctx.context.secret);
+	if (!challengeId) throw new APIError("BAD_REQUEST", { message: PASSKEY_ERROR_CODES.CHALLENGE_NOT_FOUND });
+	const data = await ctx.context.internalAdapter.findVerificationValue(challengeId);
+	if (!data) throw new APIError("BAD_REQUEST", { message: PASSKEY_ERROR_CODES.CHALLENGE_NOT_FOUND });
+	const { expectedChallenge } = JSON.parse(data.value);
+	const passkey$1 = await ctx.context.adapter.findOne({
+		model: "passkey",
+		where: [{
+			field: "credentialID",
+			value: resp.id
+		}]
+	});
+	if (!passkey$1) throw new APIError("UNAUTHORIZED", { message: PASSKEY_ERROR_CODES.PASSKEY_NOT_FOUND });
+	try {
+		const verification = await verifyAuthenticationResponse({
+			response: resp,
+			expectedChallenge,
+			expectedOrigin: origin,
+			expectedRPID: getRpID(options, ctx.context.options.baseURL),
+			credential: {
+				id: passkey$1.credentialID,
+				publicKey: base64.decode(passkey$1.publicKey),
+				counter: passkey$1.counter,
+				transports: passkey$1.transports?.split(",")
+			},
+			requireUserVerification: false
+		});
+		const { verified } = verification;
+		if (!verified) throw new APIError("UNAUTHORIZED", { message: PASSKEY_ERROR_CODES.AUTHENTICATION_FAILED });
+		await ctx.context.adapter.update({
+			model: "passkey",
+			where: [{
+				field: "id",
+				value: passkey$1.id
+			}],
+			update: { counter: verification.authenticationInfo.newCounter }
+		});
+		const s = await ctx.context.internalAdapter.createSession(passkey$1.userId);
+		if (!s) throw new APIError("INTERNAL_SERVER_ERROR", { message: PASSKEY_ERROR_CODES.UNABLE_TO_CREATE_SESSION });
+		const user = await ctx.context.internalAdapter.findUserById(passkey$1.userId);
+		if (!user) throw new APIError("INTERNAL_SERVER_ERROR", { message: "User not found" });
+		await setSessionCookie(ctx, {
+			session: s,
+			user
+		});
+		return ctx.json({ session: s }, { status: 200 });
+	} catch (e) {
+		ctx.context.logger.error("Failed to verify authentication", e);
+		throw new APIError("BAD_REQUEST", { message: PASSKEY_ERROR_CODES.AUTHENTICATION_FAILED });
+	}
+});
+/**
+* ### Endpoint
+*
+* GET `/passkey/list-user-passkeys`
+*
+* ### API Methods
+*
+* **server:**
+* `auth.api.listPasskeys`
+*
+* **client:**
+* `authClient.passkey.listUserPasskeys`
+*
+* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/passkey#api-method-passkey-list-user-passkeys)
+*/
+const listPasskeys = createAuthEndpoint("/passkey/list-user-passkeys", {
+	method: "GET",
+	use: [sessionMiddleware],
+	metadata: { openapi: {
+		description: "List all passkeys for the authenticated user",
+		responses: { "200": {
+			description: "Passkeys retrieved successfully",
+			content: { "application/json": { schema: {
+				type: "array",
+				items: {
+					$ref: "#/components/schemas/Passkey",
+					required: [
+						"id",
+						"userId",
+						"publicKey",
+						"createdAt",
+						"updatedAt"
+					]
+				},
+				description: "Array of passkey objects associated with the user"
+			} } }
+		} }
+	} }
+}, async (ctx) => {
+	const passkeys = await ctx.context.adapter.findMany({
+		model: "passkey",
+		where: [{
+			field: "userId",
+			value: ctx.context.session.user.id
+		}]
+	});
+	return ctx.json(passkeys, { status: 200 });
+});
+const deletePasskeyBodySchema = z.object({ id: z.string().meta({ description: "The ID of the passkey to delete. Eg: \"some-passkey-id\"" }) });
+/**
+* ### Endpoint
+*
+* POST `/passkey/delete-passkey`
+*
+* ### API Methods
+*
+* **server:**
+* `auth.api.deletePasskey`
+*
+* **client:**
+* `authClient.passkey.deletePasskey`
+*
+* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/passkey#api-method-passkey-delete-passkey)
+*/
+const deletePasskey = createAuthEndpoint("/passkey/delete-passkey", {
+	method: "POST",
+	body: deletePasskeyBodySchema,
+	use: [sessionMiddleware],
+	metadata: { openapi: {
+		description: "Delete a specific passkey",
+		responses: { "200": {
+			description: "Passkey deleted successfully",
+			content: { "application/json": { schema: {
+				type: "object",
+				properties: { status: {
+					type: "boolean",
+					description: "Indicates whether the deletion was successful"
+				} },
+				required: ["status"]
+			} } }
+		} }
+	} }
+}, async (ctx) => {
+	const passkey$1 = await ctx.context.adapter.findOne({
+		model: "passkey",
+		where: [{
+			field: "id",
+			value: ctx.body.id
+		}]
+	});
+	if (!passkey$1) throw new APIError("NOT_FOUND", { message: PASSKEY_ERROR_CODES.PASSKEY_NOT_FOUND });
+	if (passkey$1.userId !== ctx.context.session.user.id) throw new APIError("UNAUTHORIZED");
+	await ctx.context.adapter.delete({
+		model: "passkey",
+		where: [{
+			field: "id",
+			value: passkey$1.id
+		}]
+	});
+	return ctx.json({ status: true });
+});
+const updatePassKeyBodySchema = z.object({
+	id: z.string().meta({ description: `The ID of the passkey which will be updated. Eg: \"passkey-id\"` }),
+	name: z.string().meta({ description: `The new name which the passkey will be updated to. Eg: \"my-new-passkey-name\"` })
+});
+/**
+* ### Endpoint
+*
+* POST `/passkey/update-passkey`
+*
+* ### API Methods
+*
+* **server:**
+* `auth.api.updatePasskey`
+*
+* **client:**
+* `authClient.passkey.updatePasskey`
+*
+* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/passkey#api-method-passkey-update-passkey)
+*/
+const updatePasskey = createAuthEndpoint("/passkey/update-passkey", {
+	method: "POST",
+	body: updatePassKeyBodySchema,
+	use: [sessionMiddleware],
+	metadata: { openapi: {
+		description: "Update a specific passkey's name",
+		responses: { "200": {
+			description: "Passkey updated successfully",
+			content: { "application/json": { schema: {
+				type: "object",
+				properties: { passkey: { $ref: "#/components/schemas/Passkey" } },
+				required: ["passkey"]
+			} } }
+		} }
+	} }
+}, async (ctx) => {
+	const passkey$1 = await ctx.context.adapter.findOne({
+		model: "passkey",
+		where: [{
+			field: "id",
+			value: ctx.body.id
+		}]
+	});
+	if (!passkey$1) throw new APIError("NOT_FOUND", { message: PASSKEY_ERROR_CODES.PASSKEY_NOT_FOUND });
+	if (passkey$1.userId !== ctx.context.session.user.id) throw new APIError("UNAUTHORIZED", { message: PASSKEY_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REGISTER_THIS_PASSKEY });
+	const updatedPasskey = await ctx.context.adapter.update({
+		model: "passkey",
+		where: [{
+			field: "id",
+			value: ctx.body.id
+		}],
+		update: { name: ctx.body.name }
+	});
+	if (!updatedPasskey) throw new APIError("INTERNAL_SERVER_ERROR", { message: PASSKEY_ERROR_CODES.FAILED_TO_UPDATE_PASSKEY });
+	return ctx.json({ passkey: updatedPasskey }, { status: 200 });
+});
+
 //#endregion
 //#region src/schema.ts
 const schema = { passkey: { fields: {
@@ -72,12 +596,6 @@ const schema = { passkey: { fields: {
 	}
 } } };
 
-//#endregion
-//#region src/utils.ts
-function getRpID(options, baseURL) {
-	return options.rpID || (baseURL ? new URL(baseURL).hostname : "localhost");
-}
-
 //#endregion
 //#region src/index.ts
 const passkey = (options) => {
@@ -95,471 +613,19 @@ const passkey = (options) => {
 	return {
 		id: "passkey",
 		endpoints: {
-			generatePasskeyRegistrationOptions: createAuthEndpoint("/passkey/generate-register-options", {
-				method: "GET",
-				use: [freshSessionMiddleware],
-				query: z.object({
-					authenticatorAttachment: z.enum(["platform", "cross-platform"]).optional(),
-					name: z.string().optional()
-				}).optional(),
-				metadata: { openapi: {
-					operationId: "generatePasskeyRegistrationOptions",
-					description: "Generate registration options for a new passkey",
-					responses: { 200: {
-						description: "Success",
-						parameters: { query: {
-							authenticatorAttachment: {
-								description: `Type of authenticator to use for registration.
-                          "platform" for device-specific authenticators,
-                          "cross-platform" for authenticators that can be used across devices.`,
-								required: false
-							},
-							name: {
-								description: `Optional custom name for the passkey.
-                          This can help identify the passkey when managing multiple credentials.`,
-								required: false
-							}
-						} },
-						content: { "application/json": { schema: {
-							type: "object",
-							properties: {
-								challenge: { type: "string" },
-								rp: {
-									type: "object",
-									properties: {
-										name: { type: "string" },
-										id: { type: "string" }
-									}
-								},
-								user: {
-									type: "object",
-									properties: {
-										id: { type: "string" },
-										name: { type: "string" },
-										displayName: { type: "string" }
-									}
-								},
-								pubKeyCredParams: {
-									type: "array",
-									items: {
-										type: "object",
-										properties: {
-											type: { type: "string" },
-											alg: { type: "number" }
-										}
-									}
-								},
-								timeout: { type: "number" },
-								excludeCredentials: {
-									type: "array",
-									items: {
-										type: "object",
-										properties: {
-											id: { type: "string" },
-											type: { type: "string" },
-											transports: {
-												type: "array",
-												items: { type: "string" }
-											}
-										}
-									}
-								},
-								authenticatorSelection: {
-									type: "object",
-									properties: {
-										authenticatorAttachment: { type: "string" },
-										requireResidentKey: { type: "boolean" },
-										userVerification: { type: "string" }
-									}
-								},
-								attestation: { type: "string" },
-								extensions: { type: "object" }
-							}
-						} } }
-					} }
-				} }
-			}, async (ctx) => {
-				const { session } = ctx.context;
-				const userPasskeys = await ctx.context.adapter.findMany({
-					model: "passkey",
-					where: [{
-						field: "userId",
-						value: session.user.id
-					}]
-				});
-				const userID = new TextEncoder().encode(generateRandomString(32, "a-z", "0-9"));
-				let options$1;
-				options$1 = await generateRegistrationOptions({
-					rpName: opts.rpName || ctx.context.appName,
-					rpID: getRpID(opts, ctx.context.options.baseURL),
-					userID,
-					userName: ctx.query?.name || session.user.email || session.user.id,
-					userDisplayName: session.user.email || session.user.id,
-					attestationType: "none",
-					excludeCredentials: userPasskeys.map((passkey$1) => ({
-						id: passkey$1.credentialID,
-						transports: passkey$1.transports?.split(",")
-					})),
-					authenticatorSelection: {
-						residentKey: "preferred",
-						userVerification: "preferred",
-						...opts.authenticatorSelection || {},
-						...ctx.query?.authenticatorAttachment ? { authenticatorAttachment: ctx.query.authenticatorAttachment } : {}
-					}
-				});
-				const id = generateId(32);
-				const webAuthnCookie = ctx.context.createAuthCookie(opts.advanced.webAuthnChallengeCookie);
-				await ctx.setSignedCookie(webAuthnCookie.name, id, ctx.context.secret, {
-					...webAuthnCookie.attributes,
-					maxAge: maxAgeInSeconds
-				});
-				await ctx.context.internalAdapter.createVerificationValue({
-					identifier: id,
-					value: JSON.stringify({
-						expectedChallenge: options$1.challenge,
-						userData: { id: session.user.id }
-					}),
-					expiresAt: expirationTime
-				});
-				return ctx.json(options$1, { status: 200 });
+			generatePasskeyRegistrationOptions: generatePasskeyRegistrationOptions(opts, {
+				maxAgeInSeconds,
+				expirationTime
 			}),
-			generatePasskeyAuthenticationOptions: createAuthEndpoint("/passkey/generate-authenticate-options", {
-				method: "GET",
-				metadata: { openapi: {
-					operationId: "passkeyGenerateAuthenticateOptions",
-					description: "Generate authentication options for a passkey",
-					responses: { 200: {
-						description: "Success",
-						content: { "application/json": { schema: {
-							type: "object",
-							properties: {
-								challenge: { type: "string" },
-								rp: {
-									type: "object",
-									properties: {
-										name: { type: "string" },
-										id: { type: "string" }
-									}
-								},
-								user: {
-									type: "object",
-									properties: {
-										id: { type: "string" },
-										name: { type: "string" },
-										displayName: { type: "string" }
-									}
-								},
-								timeout: { type: "number" },
-								allowCredentials: {
-									type: "array",
-									items: {
-										type: "object",
-										properties: {
-											id: { type: "string" },
-											type: { type: "string" },
-											transports: {
-												type: "array",
-												items: { type: "string" }
-											}
-										}
-									}
-								},
-								userVerification: { type: "string" },
-								authenticatorSelection: {
-									type: "object",
-									properties: {
-										authenticatorAttachment: { type: "string" },
-										requireResidentKey: { type: "boolean" },
-										userVerification: { type: "string" }
-									}
-								},
-								extensions: { type: "object" }
-							}
-						} } }
-					} }
-				} }
-			}, async (ctx) => {
-				const session = await getSessionFromCtx(ctx);
-				let userPasskeys = [];
-				if (session) userPasskeys = await ctx.context.adapter.findMany({
-					model: "passkey",
-					where: [{
-						field: "userId",
-						value: session.user.id
-					}]
-				});
-				const options$1 = await generateAuthenticationOptions({
-					rpID: getRpID(opts, ctx.context.options.baseURL),
-					userVerification: "preferred",
-					...userPasskeys.length ? { allowCredentials: userPasskeys.map((passkey$1) => ({
-						id: passkey$1.credentialID,
-						transports: passkey$1.transports?.split(",")
-					})) } : {}
-				});
-				const data = {
-					expectedChallenge: options$1.challenge,
-					userData: { id: session?.user.id || "" }
-				};
-				const id = generateId(32);
-				const webAuthnCookie = ctx.context.createAuthCookie(opts.advanced.webAuthnChallengeCookie);
-				await ctx.setSignedCookie(webAuthnCookie.name, id, ctx.context.secret, {
-					...webAuthnCookie.attributes,
-					maxAge: maxAgeInSeconds
-				});
-				await ctx.context.internalAdapter.createVerificationValue({
-					identifier: id,
-					value: JSON.stringify(data),
-					expiresAt: expirationTime
-				});
-				return ctx.json(options$1, { status: 200 });
+			generatePasskeyAuthenticationOptions: generatePasskeyAuthenticationOptions(opts, {
+				maxAgeInSeconds,
+				expirationTime
 			}),
-			verifyPasskeyRegistration: createAuthEndpoint("/passkey/verify-registration", {
-				method: "POST",
-				body: z.object({
-					response: z.any(),
-					name: z.string().meta({ description: "Name of the passkey" }).optional()
-				}),
-				use: [freshSessionMiddleware],
-				metadata: { openapi: {
-					operationId: "passkeyVerifyRegistration",
-					description: "Verify registration of a new passkey",
-					responses: {
-						200: {
-							description: "Success",
-							content: { "application/json": { schema: { $ref: "#/components/schemas/Passkey" } } }
-						},
-						400: { description: "Bad request" }
-					}
-				} }
-			}, async (ctx) => {
-				const origin = options?.origin || ctx.headers?.get("origin") || "";
-				if (!origin) return ctx.json(null, { status: 400 });
-				const resp = ctx.body.response;
-				const webAuthnCookie = ctx.context.createAuthCookie(opts.advanced.webAuthnChallengeCookie);
-				const challengeId = await ctx.getSignedCookie(webAuthnCookie.name, ctx.context.secret);
-				if (!challengeId) throw new APIError("BAD_REQUEST", { message: PASSKEY_ERROR_CODES.CHALLENGE_NOT_FOUND });
-				const data = await ctx.context.internalAdapter.findVerificationValue(challengeId);
-				if (!data) return ctx.json(null, { status: 400 });
-				const { expectedChallenge, userData } = JSON.parse(data.value);
-				if (userData.id !== ctx.context.session.user.id) throw new APIError("UNAUTHORIZED", { message: PASSKEY_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REGISTER_THIS_PASSKEY });
-				try {
-					const { verified, registrationInfo } = await verifyRegistrationResponse({
-						response: resp,
-						expectedChallenge,
-						expectedOrigin: origin,
-						expectedRPID: getRpID(opts, ctx.context.options.baseURL),
-						requireUserVerification: false
-					});
-					if (!verified || !registrationInfo) return ctx.json(null, { status: 400 });
-					const { aaguid, credentialDeviceType, credentialBackedUp, credential, credentialType } = registrationInfo;
-					const pubKey = base64.encode(credential.publicKey);
-					const newPasskey = {
-						name: ctx.body.name,
-						userId: userData.id,
-						credentialID: credential.id,
-						publicKey: pubKey,
-						counter: credential.counter,
-						deviceType: credentialDeviceType,
-						transports: resp.response.transports.join(","),
-						backedUp: credentialBackedUp,
-						createdAt: /* @__PURE__ */ new Date(),
-						aaguid
-					};
-					const newPasskeyRes = await ctx.context.adapter.create({
-						model: "passkey",
-						data: newPasskey
-					});
-					return ctx.json(newPasskeyRes, { status: 200 });
-				} catch (e) {
-					console.log(e);
-					throw new APIError("INTERNAL_SERVER_ERROR", { message: PASSKEY_ERROR_CODES.FAILED_TO_VERIFY_REGISTRATION });
-				}
-			}),
-			verifyPasskeyAuthentication: createAuthEndpoint("/passkey/verify-authentication", {
-				method: "POST",
-				body: z.object({ response: z.record(z.any(), z.any()) }),
-				metadata: {
-					openapi: {
-						operationId: "passkeyVerifyAuthentication",
-						description: "Verify authentication of a passkey",
-						responses: { 200: {
-							description: "Success",
-							content: { "application/json": { schema: {
-								type: "object",
-								properties: {
-									session: { $ref: "#/components/schemas/Session" },
-									user: { $ref: "#/components/schemas/User" }
-								}
-							} } }
-						} }
-					},
-					$Infer: { body: {} }
-				}
-			}, async (ctx) => {
-				const origin = options?.origin || ctx.headers?.get("origin") || "";
-				if (!origin) throw new APIError("BAD_REQUEST", { message: "origin missing" });
-				const resp = ctx.body.response;
-				const webAuthnCookie = ctx.context.createAuthCookie(opts.advanced.webAuthnChallengeCookie);
-				const challengeId = await ctx.getSignedCookie(webAuthnCookie.name, ctx.context.secret);
-				if (!challengeId) throw new APIError("BAD_REQUEST", { message: PASSKEY_ERROR_CODES.CHALLENGE_NOT_FOUND });
-				const data = await ctx.context.internalAdapter.findVerificationValue(challengeId);
-				if (!data) throw new APIError("BAD_REQUEST", { message: PASSKEY_ERROR_CODES.CHALLENGE_NOT_FOUND });
-				const { expectedChallenge } = JSON.parse(data.value);
-				const passkey$1 = await ctx.context.adapter.findOne({
-					model: "passkey",
-					where: [{
-						field: "credentialID",
-						value: resp.id
-					}]
-				});
-				if (!passkey$1) throw new APIError("UNAUTHORIZED", { message: PASSKEY_ERROR_CODES.PASSKEY_NOT_FOUND });
-				try {
-					const verification = await verifyAuthenticationResponse({
-						response: resp,
-						expectedChallenge,
-						expectedOrigin: origin,
-						expectedRPID: getRpID(opts, ctx.context.options.baseURL),
-						credential: {
-							id: passkey$1.credentialID,
-							publicKey: base64.decode(passkey$1.publicKey),
-							counter: passkey$1.counter,
-							transports: passkey$1.transports?.split(",")
-						},
-						requireUserVerification: false
-					});
-					const { verified } = verification;
-					if (!verified) throw new APIError("UNAUTHORIZED", { message: PASSKEY_ERROR_CODES.AUTHENTICATION_FAILED });
-					await ctx.context.adapter.update({
-						model: "passkey",
-						where: [{
-							field: "id",
-							value: passkey$1.id
-						}],
-						update: { counter: verification.authenticationInfo.newCounter }
-					});
-					const s = await ctx.context.internalAdapter.createSession(passkey$1.userId);
-					if (!s) throw new APIError("INTERNAL_SERVER_ERROR", { message: PASSKEY_ERROR_CODES.UNABLE_TO_CREATE_SESSION });
-					const user = await ctx.context.internalAdapter.findUserById(passkey$1.userId);
-					if (!user) throw new APIError("INTERNAL_SERVER_ERROR", { message: "User not found" });
-					await setSessionCookie(ctx, {
-						session: s,
-						user
-					});
-					return ctx.json({ session: s }, { status: 200 });
-				} catch (e) {
-					ctx.context.logger.error("Failed to verify authentication", e);
-					throw new APIError("BAD_REQUEST", { message: PASSKEY_ERROR_CODES.AUTHENTICATION_FAILED });
-				}
-			}),
-			listPasskeys: createAuthEndpoint("/passkey/list-user-passkeys", {
-				method: "GET",
-				use: [sessionMiddleware],
-				metadata: { openapi: {
-					description: "List all passkeys for the authenticated user",
-					responses: { "200": {
-						description: "Passkeys retrieved successfully",
-						content: { "application/json": { schema: {
-							type: "array",
-							items: {
-								$ref: "#/components/schemas/Passkey",
-								required: [
-									"id",
-									"userId",
-									"publicKey",
-									"createdAt",
-									"updatedAt"
-								]
-							},
-							description: "Array of passkey objects associated with the user"
-						} } }
-					} }
-				} }
-			}, async (ctx) => {
-				const passkeys = await ctx.context.adapter.findMany({
-					model: "passkey",
-					where: [{
-						field: "userId",
-						value: ctx.context.session.user.id
-					}]
-				});
-				return ctx.json(passkeys, { status: 200 });
-			}),
-			deletePasskey: createAuthEndpoint("/passkey/delete-passkey", {
-				method: "POST",
-				body: z.object({ id: z.string().meta({ description: "The ID of the passkey to delete. Eg: \"some-passkey-id\"" }) }),
-				use: [sessionMiddleware],
-				metadata: { openapi: {
-					description: "Delete a specific passkey",
-					responses: { "200": {
-						description: "Passkey deleted successfully",
-						content: { "application/json": { schema: {
-							type: "object",
-							properties: { status: {
-								type: "boolean",
-								description: "Indicates whether the deletion was successful"
-							} },
-							required: ["status"]
-						} } }
-					} }
-				} }
-			}, async (ctx) => {
-				const passkey$1 = await ctx.context.adapter.findOne({
-					model: "passkey",
-					where: [{
-						field: "id",
-						value: ctx.body.id
-					}]
-				});
-				if (!passkey$1) throw new APIError("NOT_FOUND", { message: PASSKEY_ERROR_CODES.PASSKEY_NOT_FOUND });
-				if (passkey$1.userId !== ctx.context.session.user.id) throw new APIError("UNAUTHORIZED");
-				await ctx.context.adapter.delete({
-					model: "passkey",
-					where: [{
-						field: "id",
-						value: passkey$1.id
-					}]
-				});
-				return ctx.json({ status: true });
-			}),
-			updatePasskey: createAuthEndpoint("/passkey/update-passkey", {
-				method: "POST",
-				body: z.object({
-					id: z.string().meta({ description: `The ID of the passkey which will be updated. Eg: \"passkey-id\"` }),
-					name: z.string().meta({ description: `The new name which the passkey will be updated to. Eg: \"my-new-passkey-name\"` })
-				}),
-				use: [sessionMiddleware],
-				metadata: { openapi: {
-					description: "Update a specific passkey's name",
-					responses: { "200": {
-						description: "Passkey updated successfully",
-						content: { "application/json": { schema: {
-							type: "object",
-							properties: { passkey: { $ref: "#/components/schemas/Passkey" } },
-							required: ["passkey"]
-						} } }
-					} }
-				} }
-			}, async (ctx) => {
-				const passkey$1 = await ctx.context.adapter.findOne({
-					model: "passkey",
-					where: [{
-						field: "id",
-						value: ctx.body.id
-					}]
-				});
-				if (!passkey$1) throw new APIError("NOT_FOUND", { message: PASSKEY_ERROR_CODES.PASSKEY_NOT_FOUND });
-				if (passkey$1.userId !== ctx.context.session.user.id) throw new APIError("UNAUTHORIZED", { message: PASSKEY_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REGISTER_THIS_PASSKEY });
-				const updatedPasskey = await ctx.context.adapter.update({
-					model: "passkey",
-					where: [{
-						field: "id",
-						value: ctx.body.id
-					}],
-					update: { name: ctx.body.name }
-				});
-				if (!updatedPasskey) throw new APIError("INTERNAL_SERVER_ERROR", { message: PASSKEY_ERROR_CODES.FAILED_TO_UPDATE_PASSKEY });
-				return ctx.json({ passkey: updatedPasskey }, { status: 200 });
-			})
+			verifyPasskeyRegistration: verifyPasskeyRegistration(opts),
+			verifyPasskeyAuthentication: verifyPasskeyAuthentication(opts),
+			listPasskeys,
+			deletePasskey,
+			updatePasskey
 		},
 		schema: mergeSchema(schema, options?.schema),
 		$ERROR_CODES: PASSKEY_ERROR_CODES

package/package.json

@@ -1,10 +1,11 @@
 {
   "name": "@better-auth/passkey",
-  "version": "1.4.6-beta.2",
+  "version": "1.4.6",
   "type": "module",
   "description": "Passkey plugin for Better Auth",
   "main": "dist/index.mjs",
   "module": "dist/index.mjs",
+  "types": "dist/index.d.mts",
   "publishConfig": {
     "access": "public"
   },
@@ -31,9 +32,9 @@
     }
   },
   "devDependencies": {
-    "tsdown": "^0.16.0",
-    "@better-auth/core": "1.4.6-beta.2",
-    "better-auth": "1.4.6-beta.2"
+    "tsdown": "^0.17.0",
+    "better-auth": "1.4.6",
+    "@better-auth/core": "1.4.6"
   },
   "dependencies": {
     "@simplewebauthn/browser": "^13.1.2",
@@ -43,17 +44,17 @@
   "peerDependencies": {
     "@better-auth/utils": "0.3.0",
     "@better-fetch/fetch": "1.1.18",
-    "better-call": "1.1.4",
+    "better-call": "1.1.5",
     "nanostores": "^1.0.1",
-    "@better-auth/core": "1.4.6-beta.2",
-    "better-auth": "1.4.6-beta.2"
+    "@better-auth/core": "1.4.6",
+    "better-auth": "1.4.6"
   },
   "files": [
     "dist"
   ],
   "repository": {
     "type": "git",
-    "url": "https://github.com/better-auth/better-auth",
+    "url": "git+https://github.com/better-auth/better-auth.git",
     "directory": "packages/passkey"
   },
   "homepage": "https://www.better-auth.com/docs/plugins/passkey",
@@ -66,6 +67,7 @@
   "license": "MIT",
   "scripts": {
     "test": "vitest",
+    "coverage": "vitest run --coverage",
     "lint:package": "publint run --strict",
     "build": "tsdown",
     "dev": "tsdown --watch",